--------------------- PatchSet 3454 Date: 2001/12/04 17:44:27 Author: kinkie Branch: ntlm Tag: (none) Log: Moved to wb_basic_auth.c Members: src/auth/ntlm/helpers/winbind/wb_ntlm_auth.c:1.1.2.5->1.1.2.6(DEAD)
--- squid/src/auth/ntlm/helpers/winbind/wb_ntlm_auth.c Wed Feb 14 00:56:46 2007
+++ /dev/null Wed Feb 14 00:55:47 2007
@@ -1,236 +0,0 @@
-/*
- * (C) 2000 Francesco Chemolli
- *
- * Distributed freely under the terms of the GNU General Public License,
- * version 2. See the file COPYING for licensing details
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
-
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
- *
- */
-
-
-#include "wbntlm.h"
-#include "util.h"
-/* stdio.h is included in wbntlm.h */
-#include
-#include
-#include
-#include /* for gettimeofday */
-#include /* BUG: is this portable? */
-
-#include "winbind_nss_config.h"
-#include "winbindd_nss.h"
-
-char debug_enabled=0;
-
-NSS_STATUS winbindd_request(int req_type,
- struct winbindd_request *request,
- struct winbindd_response *response);
-
-
-static tristate have_urandom = DONTKNOW;
-FILE *urandom_file=NULL;
-
-void init_random() {
- if (have_urandom == DONTKNOW) {
- int result=0;
- struct stat st;
- result=stat(ENTROPY_SOURCE,&st);
- if (result != 0 || ! (S_ISCHR(st.st_mode) || S_ISBLK(st.st_mode))) {
- debug("Entropy source " ENTROPY_SOURCE " is unavailable\n");
- have_urandom=NO;
- }
- if ((urandom_file = fopen(ENTROPY_SOURCE,"r")) == NULL) {
- unsigned int seed;
- struct timeval t;
- unsigned long intentional_garbage; /* intentionally not initialized */
- warn("Can't open entropy source " ENTROPY_SOURCE "\n");
- have_urandom=NO;
- gettimeofday(&t,NULL);
- seed=getpid()*t.tv_sec*t.tv_usec-intentional_garbage;
- squid_srandom(seed);
- } else {
- have_urandom=YES;
- }
- }
-}
-
-static unsigned char challenge[CHALLENGE_LEN+1];
-static char *build_challenge(void) {
- size_t gotchars;
- unsigned char j;
- switch (have_urandom) {
- case YES:
- if ((gotchars=fread(&challenge,CHALLENGE_LEN,1,urandom_file))==0) {
- /* couldn't get a challenge. Fall back to random() and friends.
- notice that even a single changed byte is good enough for us */
- have_urandom=NO;
- return build_challenge();
- }
- return challenge;
- case NO:
- for (j=0;jdomain);
- if (tmp.str == NULL || tmp.l == 0) { /* no domain supplied */
- SEND("NA No domain supplied");
- return;
- }
- memcpy(domuser, tmp.str, tmp.l);
- domuser[tmp.l]='\\';
- offset=tmp.l+1;
-
- /* username */
- tmp = ntlm_fetch_string((char *) auth, auth_length, &auth->user);
- if (tmp.str == NULL || tmp.l == 0) {
- SEND("NA No username in request");
- return;
- }
- memcpy(domuser+offset,tmp.str,tmp.l);
- domuser[offset+tmp.l]='\0';
-
- /* now the LM hash */
- lmhash = ntlm_fetch_string((char *) auth, auth_length, &auth->lmresponse);
- if (lmhash.str == NULL || lmhash.l == 0) {
- SEND("NA No lm hash");
- return;
- }
-
- nthash = ntlm_fetch_string((char *) auth, auth_length, &auth->ntresponse);
- if (nthash.str == NULL || nthash.l == 0)
- have_nthash=0;
- else
- have_nthash=1;
-
- debug("Checking user '%s' lmhash='%24s', have_nthash=%d, nthash='%24s'\n",
- domuser, lmhash.str, have_nthash, nthash.str);
-
- memset(&request,0,sizeof(struct winbindd_request));
- memset(&response,0,sizeof(struct winbindd_response));
-
- memcpy(request.data.auth_crap.chal,challenge,CHALLENGE_LEN);
- strcpy(request.data.auth_crap.user,domuser);
- memcpy(request.data.auth_crap.lm_resp,lmhash.str,24);
- request.data.auth_crap.lm_resp_len=24;
- if (have_nthash) {
- memcpy(request.data.auth_crap.nt_resp,nthash.str,24);
- request.data.auth_crap.nt_resp_len=24;
- } else {
- request.data.auth_crap.nt_resp[0]='\0';
- request.data.auth_crap.nt_resp_len=0;
- }
- winbindd_result = winbindd_request(WINBINDD_PAM_AUTH_CRAP,
- &request, &response);
- debug("winbindd result: %d\n",winbindd_result);
-
- if (winbindd_result==WINBINDD_OK) {
- SEND2("AF %s",domuser);
- } else {
- SEND("NA authentication error");
- }
-
- return; /* useless */
-}
-
-void manage_request(void) {
- char buf[BUFFER_SIZE+1];
- char *c, *decoded;
- ntlmhdr *fast_header;
-
-
- if (fgets(buf, BUFFER_SIZE, stdin) == NULL) {
- warn("fgets() failed! dying..... errno=%d (%s)\n", errno,
- strerror(errno));
- exit(1); /* BIIG buffer */
- }
-
- c=memchr(buf,'\n',BUFFER_SIZE);
- if (c)
- *c='\0';
- else {
- warn("No newline in '%s'. Dying.\n",buf);
- exit(1);
- }
-
- debug("Got '%s' from squid.\n",buf);
- if (memcmp(buf, "YR", 2) == 0) { /* refresh-request */
- SEND2("TT %s",ntlm_make_challenge(DOMAIN,NULL,build_challenge(),
- CHALLENGE_LEN));
- return;
- }
- if (memcmp(buf,"KK ",3) != 0 ) { /* not an auth-request */
- SEND("BH squid-client protocol error");
- warn("Illegal request received\n");
- }
- /* At this point I'm sure it's a KK */
- decoded=base64_decode(buf+3);
- if (!decoded) { /* decoding failure, return error */
- SEND("NA Packet format error, couldn't base64-decode");
- return;
- }
- fast_header = (struct _ntlmhdr *) decoded;
-
- /* sanity-check: it IS a NTLMSSP packet, isn't it? */
- if (memcmp(fast_header->signature, "NTLMSSP", 8) != 0) {
- SEND("NA Broken authentication packet");
- return;
- }
- /* Understand what we got */
- switch (fast_header->type) {
- case NTLM_NEGOTIATE:
- SEND("NA Invalid negotiation request received");
- return;
- case NTLM_CHALLENGE:
- SEND("NA Got a challenge. We refuse to have our authority disputed");
- return;
- case NTLM_AUTHENTICATE:
- do_authenticate((ntlm_authenticate *) decoded, (strlen(buf)-3)*3/4);
- return;
- default:
- SEND("BH unknown authentication packet type");
- return;
- }
- /* Ok. We're authenticating. */
-
-
-}
-
-int main (int argc, char ** argv) {
- debug("ntlm winbindd auth helper build " __DATE__ ", " __TIME__
- " starting up...\n");
- /* initialize FDescs */
- setbuf(stdout, NULL);
- setbuf(stderr, NULL);
- init_random();
- while(1) {
- manage_request();
- }
- return 0;
-}